RE: Apache issue

From: Derick Anderson (danderson_at_vikus.com)
Date: 06/22/05

  • Next message: Jan Ciesko (UNI): "generalInfo"
    Date: Wed, 22 Jun 2005 11:24:23 -0400
    To: <focus-linux@securityfocus.com>
    
    

    The Apache documentation at
    http://httpd.apache.org/docs-2.0/mod/mod_access.html#order will be
    helpful to you. Essentially, you must order the Allow,Deny statement the
    same way as your Allow from/Deny from statements. Example:

    <Directory /foo/bar>
            Order Deny,Allow
            Deny from all
            Allow from 192.168.1.0/255.255.255.0
    </Directory>

    Derick Anderson
     

    > -----Original Message-----
    > From: anita.salerno@talk21.com [mailto:anita.salerno@talk21.com]
    > Sent: Wednesday, June 22, 2005 3:44 AM
    > To: focus-linux@securityfocus.com
    > Subject: Apache issue
    >
    > Hello,
    > I'm using Apache/2.0.52 on Fedora Core 3. I've copied the
    > configuration file of the previous apache's version on a
    > Redhat, as I do everytime when upgrading to a new version of
    > Apache (I configured only the new httpd.conf manually), and
    > now the problem is that none of the security measures is
    > working, I'm bypassing all of them (.htaccess and ip list
    > specification).
    >
    > The mod_access module is enabled.
    >
    > In my httpd.conf, I have:
    >
    > AllowOverride All
    >
    > <Directory /www/html/directory/rzone>
    > Order Allow,Deny
    > Allow from 10.0.10.
    > Deny from all
    > </Directory>
    >
    >
    >
    > My .htaccess is:
    > AuthType Basic
    > AuthName Welcome
    > AuthUserFile /www/html/directory/rzone/.htmdp
    >
    > <Limit GET POST>
    > require valid-user
    >
    > Order Allow,Deny
    > Allow from 10.0.10.
    > Deny from all
    > </Limit>
    >
    > When I was desprate, I've configured the access file as follow:
    >
    > Order Allow,Deny
    > Deny from all
    >
    > and I still have access to the web site.
    >
    > Any idea ?
    >


  • Next message: Jan Ciesko (UNI): "generalInfo"

    Relevant Pages

    • Apache - Surprised by web access to .htaccess etc.
      ... and possibly propose a change to the distributed configuration sample. ... In the distributed Apache configuration, ... *could*, in fact, view the contents of .htaccess, .htpasswd etc. ... The "satisfy any" is taking effect, ...
      (comp.infosystems.www.servers.unix)
    • Re: Reverting back to apache2 from lighttpd: have issues
      ... saying that localhost was not configured properly and I could not use ... the simple browser url "http://localhost to open the server. ... I have several different virtualhost entries in my Apache configuration. ...
      (Debian-User)
    • Re: Reverting back to apache2 from lighttpd: have issues
      ... saying that localhost was not configured properly and I could not use ... in .php are not being allowed to run instead they ... have several different virtualhost entries in my Apache configuration. ...
      (Debian-User)
    • Re: is_dir true from cli, false from Apache
      ... I'm trying to get OpenDocMan working. ... The user apache owns and has full access to the ... of the configuration files beyond defining the site in Apache. ... configuration has no PHP directives, as can be seen in the forum post ...
      (comp.lang.php)
    • Re: Reverting back to apache2 from lighttpd: have issues
      ... saying that localhost was not configured properly and I could not use ... the simple browser url "http://localhost to open the server. ... have several different virtualhost entries in my Apache configuration. ...
      (Debian-User)